new infra for df helmcharts #113
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: decentralized-feeder-pull-request-pipeline | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| workflow_dispatch: # This allows manual triggering | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} # Set debug mode globally | |
| jobs: | |
| build_and_test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repository | |
| - uses: actions/checkout@v4 | |
| # Set up Go | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.22' | |
| # Get dependencies | |
| - name: Get dependencies | |
| run: go mod tidy | |
| # Build the Go application | |
| - name: Build | |
| run: go build -v ./... | |
| # Test the Go application | |
| - name: Test | |
| run: go test -v ./... | |
| push_image_and_deploy: | |
| runs-on: ubuntu-latest | |
| needs: build_and_test | |
| environment: | |
| name: dia-testspace # BEFORE GOING PUBLIC CHANGE THE ENV PROTENTIOC RULES TO INCLUDE THIS | |
| steps: | |
| # Checkout the repository | |
| - uses: actions/checkout@v4 | |
| # Get Short Commit Hash of the Merge Commit | |
| - name: Get Short Commit Hash | |
| run: | | |
| COMMIT_HASH=$(git rev-parse --short HEAD) | |
| echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV | |
| # Checkout the cluster-backend repository | |
| - name: Checkout lumina-infra repository | |
| env: | |
| TOKEN: ${{ secrets.PIPELINE_TOKEN }} | |
| run: | | |
| git clone -q https://[email protected]/diadata-org/lumina-infra lumina-infra | |
| # Install IBM Cloud CLI and Container Registry CLI | |
| - name: Install IBM Cloud CLI | |
| run: | | |
| curl -fsSL https://clis.cloud.ibm.com/install/linux | sh | |
| ibmcloud plugin install container-registry -f | |
| # Log in to IBM Cloud | |
| - name: Log in to IBM Cloud | |
| env: | |
| IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }} | |
| run: | | |
| ibmcloud login --apikey $IBM_CLOUD_API_KEY --no-region | |
| ibmcloud target -r us-south | |
| ibmcloud target -g Default | |
| # Build and Tag the Docker image with the commit hash | |
| - name: Build and Tag Docker image | |
| run: | | |
| docker build -f build/Dockerfile-diaDecentralOracleService -t us.icr.io/dia-registry/oracles/diadecentraloracleservice:commit-hash-${{ env.COMMIT_HASH }} . | |
| # Push the Docker image to IBM Cloud Container Registry | |
| - name: Push Docker image | |
| run: | | |
| ibmcloud cr login | |
| docker push us.icr.io/dia-registry/oracles/diadecentraloracleservice:commit-hash-${{ env.COMMIT_HASH }} | |
| # Install kubectl | |
| - name: Install kubectl | |
| run: | | |
| curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" | |
| chmod +x ./kubectl | |
| sudo mv ./kubectl /usr/local/bin/kubectl | |
| - name: IBM Cluster kubectl config | |
| env: | |
| TOKEN: ${{ secrets.K8S_SERVICE_ACCOUNT_TOKEN_PROD }} | |
| CLUSTER_NAME: ${{ secrets.K8s_CLUSTER_NAME_IBM }} | |
| CONTEXT: ${{ secrets.K8s_CONTEXT_IBM }} | |
| API_SERVER: ${{ secrets.K8S_API_SERVER_IBM }} | |
| KUBE_CA_CERT_BASE64: ${{ secrets.KUBE_CA_CERT_BASE64_IBM }} | |
| SERVICE_ACCOUNT: ${{ secrets.K8S_SA }} | |
| run: | | |
| # Ensure token does not contain unexpected newline characters | |
| TOKEN=$(echo "$TOKEN" | tr -d '\n') | |
| # Decode the base64-encoded CA certificate and save it to a file | |
| echo "$KUBE_CA_CERT_BASE64" | base64 --decode > /tmp/ca.pem | |
| # Set cluster using the CA PEM file | |
| kubectl config set-cluster "$CLUSTER_NAME" \ | |
| --server="$API_SERVER" \ | |
| --certificate-authority=/tmp/ca.pem | |
| # Set credentials | |
| kubectl config set-credentials $SERVICE_ACCOUNT --token="$TOKEN" | |
| # Set context | |
| kubectl config set-context $CONTEXT --cluster="$CLUSTER_NAME" --user=$SERVICE_ACCOUNT | |
| # Use context | |
| kubectl config use-context $CONTEXT | |
| # Helm upgrade command with the commit hash tag | |
| - name: Helm upgrade/install conduit-node-001 | |
| run: | | |
| cd cluster-backend/helmcharts/decentral-feeders/001 | |
| helm upgrade --install -n dia-lumina --set repository.tag="commit-hash-${{ env.COMMIT_HASH }}" diaoracleservice-conduit-001 . | |
| # Clean up CA certificate | |
| if [ -f /tmp/ca.pem ]; then shred -u /tmp/ca.pem; fi | |
| - name: Cleanup IBM Cluster CA Certificate | |
| run: | | |
| # Securely remove the CA certificate file | |
| if [ -f /tmp/ca.pem ]; then shred -u /tmp/ca.pem; fi | |
| # Cleanup the cloned repository | |
| - name: Cleanup cloned repository and log out from IBM | |
| run: | | |
| rm -rf cluster-backend | |
| ibmcloud logout |